From: Adrian Chadd (adrian.chadd@gmail.com)
To: grarpamp
Cc: tor-relays@lists.torproject.org, FreeBSD Net <freebsd-net@freebsd.org>
Date: Fri, 7 Nov 2014 08:31:47 -0800
Subject: Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
List-Id: Networking and TCP/IP with FreeBSD

... that's .. odd. Let's poke the freebsd crypto and network stack people and ask. I can't imagine why this is a problem anymore and we should default to it being on.

The other thing you could do is have the tor port require it be turned on before tor runs.

-adrian

On 7 November 2014 00:20, grarpamp wrote:
> On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter wrote:
>> On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote:
>>> 173 FreeBSD
>>
>> FreeBSD still seems to use globally incrementing IP IDs by default.
>> That's an issue as it leaks fine-grained information about how many
>> packets a relay's networking stack processes. (However, nobody
>> investigated the exact impact on Tor relays so far, which makes this a
>> FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD
>> relays I tested (38%) use global IP IDs.
>>
>> There's a sysctl variable called "net.inet.ip.random_id" which makes a
>> FreeBSD's IP ID behaviour random. FreeBSD relay operators should set
>> this to "1".
>>
>> Note that this issue was already discussed earlier this year in a thread
>> called "Lots of tor relays send out sequential IP IDs; please fix
>> that!".
>
> It's been default off since before it was a sysctl over a decade ago.
> Anyone know what the deal is with that? Some objection, or
> forgotten flag day, or oversight that really should be set to 1?
> https://svnweb.freebsd.org/base?view=revision&revision=133720
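As an added illustration (not code from this thread, from Tor, or from FreeBSD), here is how the leak Philipp describes can be measured from the outside and how an operator-side check like the one Adrian suggests could read the sysctl. The idea: probe a host repeatedly, record the IP ID of each reply, and see whether the IDs advance by small positive steps (a single global counter, wrapping at 2^16) or jump around (per-packet random IDs). On a counter host, the gap between two of our replies, minus one for the probe itself, is the number of packets the host sent to everyone else in between. The ID sequences below are constructed, the `max_step` tolerance is a heuristic of mine, and every function name is my own; the only thing taken from the page is the sysctl name `net.inet.ip.random_id` and the `key: value` format that `sysctl` prints.

```python
"""Classify observed IPv4 ID sequences and parse the FreeBSD sysctl.

Added example for the freebsd-net thread on global IP IDs; not the
project's own code.  Runs offline on the constructed samples at the end.
"""
from typing import List, Optional

IPID_MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide


def ipid_deltas(ids: List[int]) -> List[int]:
    """Forward differences between consecutive IDs, modulo 2^16, so a wrap
    from 65535 to 0 counts as a step of 1 rather than a jump of -65535."""
    return [(b - a) % IPID_MOD for a, b in zip(ids, ids[1:])]


def classify_ipids(ids: List[int], max_step: int = 1024) -> str:
    """Return 'incrementing' if every consecutive delta is a small positive
    step, 'random' otherwise, 'unknown' with fewer than three samples.

    max_step (assumed value) is the tolerance for traffic the host sent to
    other peers between two of our probes; a busy relay needs a larger one,
    so in practice probe quickly and use several samples."""
    if len(ids) < 3:
        return "unknown"
    if all(1 <= d <= max_step for d in ipid_deltas(ids)):
        return "incrementing"
    return "random"


def leaked_packet_count(ids: List[int]) -> Optional[int]:
    """For a counter host: packets it sent to *other* peers while we probed.
    Each probe reply consumed one ID, so subtract one per interval.
    None when the host looks random, i.e. nothing is learned."""
    if classify_ipids(ids) != "incrementing":
        return None
    return sum(d - 1 for d in ipid_deltas(ids))


def parse_random_id_sysctl(line: str) -> Optional[int]:
    """Parse one line of `sysctl net.inet.ip.random_id` output, which looks
    like 'net.inet.ip.random_id: 1'.  None for anything else."""
    key, sep, val = line.strip().partition(":")
    if key.strip() != "net.inet.ip.random_id" or not sep:
        return None
    try:
        return int(val.strip())
    except ValueError:
        return None


def relay_is_safe(sysctl_line: str) -> bool:
    """True only when the operator has turned random IDs on."""
    return parse_random_id_sysctl(sysctl_line) == 1


# Constructed samples (not captured from a real relay).
# Counter host: wraps past 65535 and sent a few packets elsewhere between probes.
SEQUENTIAL_IDS = [65530, 65533, 2, 9, 14]
# Random host: no relation between consecutive IDs.
RANDOM_IDS = [41231, 3, 59877, 12004, 30611]

if __name__ == "__main__":
    for name, ids in (("sequential", SEQUENTIAL_IDS), ("random", RANDOM_IDS)):
        print(name, classify_ipids(ids), leaked_packet_count(ids))
    print(relay_is_safe("net.inet.ip.random_id: 0"))
```

A start-up check in the spirit of Adrian's suggestion would feed the output of `sysctl net.inet.ip.random_id` to `relay_is_safe` and refuse to start until the operator runs `sysctl net.inet.ip.random_id=1` and persists it in `/etc/sysctl.conf`. Note the caveat already in the thread: the measurement tells you the host uses a global counter and how fast it advances, not how much that actually costs a Tor relay.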